Enabling Secure Connection for Web Services: Configure Workflow Setup

Microsoft Dynamics GPThis post is part of the Enabling Secure Connection for Web Services series.

With Web Services now configured for secure connections, the final step in the configuration is to amend the Workflow setup. This is done via the Workflow Setup window (Administration area page » Setup » System » Workflow Setup); despite this being on the System part of the menu, it is actually a Company window so any changes made will need to be repeated in all companies using Workflow.

There are two settings which need to be changed; both of them in the Enable E-Mail Actions section.

Change the Server Name to the externally accessible DNS hostname, change the Port to the relevant port and mark the This server requires a secure connection (SSL):

Workflow Setup

Continue reading “Enabling Secure Connection for Web Services: Configure Workflow Setup”

Enabling Secure Connection for Web Services: Final Service Configuration

Microsoft Dynamics GPThis post is part of the Enabling Secure Connection for Web Services series.

Over the last few posts, I’ve stepped through the changes to the Web Service configuration files. With all of these changes made, there are a small number of steps to now complte, or confirm as complete.

Firstly, as the configuration files have been changed, the Microsoft Dynamics GP Service Host needs to be restarted. This can be done via the Services control panel applet.

Secondly, ensure the firewall port for the secure port is configured to allow access.

Thirdly, I’d recommend verifying the Web Services are working correctly; when you test the services, use the updated paths for https access:

  • https://server.msdynamicsgp.co.uk:48666/DynamicsGPWebServices
  • https://server.msdynamicsgp.co.uk:48666/Dynamics/GPService

Enabling Secure Connection for Web Services: Update GP Workflow Service

Microsoft Dynamics GPThis post is part of the Enabling Secure Connection for Web Services series.

There are several configuration files which need to be amended to enable a secure connection for Web Services. The first is a href=’There are several configuration files which need to be amended to enable a secure connection for Web Services. The first is WSBindings.config, the second is the legacy endpoint config file, DynamicsGPLegacy.config, the second is the legacy endpoint config file, DynamicsGP.config and the fourth, being covered in this post, is the GP Workflow Service configuration file, GPWorfklowService.config, which is, by default, located in C:\Program Files\Microsoft Dynamics\GPWebServices\ServiceConfigs.

There are two elements which need to be updated in the services node:

  1. Change the bindingConfiguration node from WebHttpBindingTarget to WebHttpBindingTargetSSL.
  2. Add a new https baseAddress line using the new port and the externally accessible DNS hostname:
    <add baseAddress="https://SERVER.msdynamicsgp.co.uk:48666/Dynamics/GPService/rest"/>
      <service name="Microsoft.Dynamics.GP.WebServices.WorkflowActionRenderingEngineContract.WorkflowActionRenderingEngine">
        <endpoint behaviorConfiguration="GPWorkflowService.RestBehavior" binding="webHttpBinding" bindingConfiguration="WebHttpBindingTargetSSL" contract="Microsoft.Dynamics.GP.WebServices.WorkflowActionRenderingEngineContract.IWorkflowActionRenderingEngine"/>
        <endpoint name="aad" address="aad" behaviorConfiguration="GPWorkflowService.AzureRestBehavior" binding="webHttpBinding" contract="Microsoft.Dynamics.GP.WebServices.WorkflowActionRenderingEngineContract.IWorkflowActionRenderingEngine" bindingConfiguration="WebHttpBindingNoSecurity"/>
        <host>
          <baseAddresses>
            <add baseAddress="http://SERVER:48620/Dynamics/GPService/rest"/>
            <add baseAddress="https://SERVER.msdynamicsgp.co.uk:48666/Dynamics/GPService/rest"/>
          </baseAddresses>
        </host>
      </service>

Continue reading “Enabling Secure Connection for Web Services: Update GP Workflow Service”

Enabling Secure Connection for Web Services: Update Native Endpoint

Microsoft Dynamics GPThis post is part of the Enabling Secure Connection for Web Services series.

There are several configuration files which need to be amended to enable a secure connection for Web Services. The first is a href=’There are several configuration files which need to be amended to enable a secure connection for Web Services. The first is WSBindings.config; the second is the legacy endpoint config file, DynamicsGPLegacy.config and the third, being covered in this post, is the native endpoint configuration file, DynamicsGP.config, which is, by default, located in C:\Program Files\Microsoft Dynamics\GPWebServices\ServiceConfigs.

There are three elements which need to be updated in the services node:

  1. Change the behaviorConfiguration node from GPWCFStaticMetadataBehavior to GPDynamicMetadataBehavior.
  2. Change the bindingConfiguration node from WSHttpBindingTarget to WSHttpBindingTargetSSL.
  3. Add a new https baseAddress line using the new port and the externally accessible DNS hostname:
    <add baseAddress="https://SERVER.msdynamicsgp.co.uk:48666/Dynamics/GPService"/>
<service name="Microsoft.Dynamics.GP.WebServices.Contract.DynamicsGP" behaviorConfiguration="GPDynamicMetadataBehavior">
        <endpoint address="Mex" name="http" binding="customBinding" bindingConfiguration="CustomBinding" contract="IMetadataExchange"/>
        <endpoint address="GPService" name="GPWebService" binding="wsHttpBinding" bindingConfiguration="WSHttpBindingTargetSSL" contract="Microsoft.Dynamics.GP.WebServices.Contract.IGPServices"/>
        <host>
          <baseAddresses>
            <add baseAddress="http://SERVER:48620/Dynamics/GPService"/>
            <add baseAddress="https://SERVER.msdynamicsgp.co.uk:48666/Dynamics/GPService"/>
          </baseAddresses>
        </host>
      </service>

Continue reading “Enabling Secure Connection for Web Services: Update Native Endpoint”

Enabling Secure Connection for Web Services: Update Legacy Endpoint

Microsoft Dynamics GPThis post is part of the Enabling Secure Connection for Web Services series.

There are several configuration files which need to be amended to enable a secure connection for Web Services. The first is a href=’There are several configuration files which need to be amended to enable a secure connection for Web Services. The first is WSBindings.config; the second is the legacy endpoint config file, DynamicsGPLegacy.config which is, by default, located in C:\Program Files\Microsoft Dynamics\GPWebServices\ServiceConfigs.

There are three elements which need to be updated in the services node:

  1. Change the behaviorConfiguration node from GPLegacyStaticMetadataBehavior to GPDynamicMetadataBehavior.
  2. Change the bindingConfiguration node from BasicHttpBindingTarget to BasicHttpBindingTargetSSL.
  3. Add a new https baseAddress line using the new port and the externally accessible DNS hostname:
    <add baseAddress="https://SERVER.msdynamicsgp.co.uk:48666/DynamicsGPWebServices"/>
   <services>
      <service name="Microsoft.Dynamics.GP.WebServices.LegacyContract.DynamicsGP" behaviorConfiguration="GPDynamicMetadataBehavior">
        <endpoint address="Mex" name="http" binding="customBinding" bindingConfiguration="CustomBinding" contract="IMetadataExchange"/>
        <endpoint address="DynamicsGPService.asmx" name="LegacyDynamicsGP" binding="basicHttpBinding" bindingConfiguration="BasicHttpBindingTargetSSL" contract="Microsoft.Dynamics.GP.WebServices.LegacyContract.IGPServicesLegacy"/>
        <host>
          <baseAddresses>
            <add baseAddress="http://SERVER:48620/DynamicsGPWebServices"/>
            <add baseAddress="https://SERVER.msdynamicsgp.co.uk:48666/DynamicsGPWebServices"/>
          </baseAddresses>
        </host>
      </service>
    </services>

Continue reading “Enabling Secure Connection for Web Services: Update Legacy Endpoint”

Enabling Secure Connection for Web Services: Update Bindings

Microsoft Dynamics GPThis post is part of the Enabling Secure Connection for Web Services series.

There are several configuration files which need to be amended to enable a secure connection for Web Services. The first is WSBindings.config which is, by default, located in C:\Program Files\Microsoft Dynamics\GPWebServices\ServiceConfigs.

There are three sections of this config file which need to be amended, but before making any changes, take a backup of the entire file.

The first section is the basicHttpBinding section. Replicate the BasicHttpBindingTarget binding:

  • Change the name by appending SSL
  • Change the security mode to Transport
  <basicHttpBinding>
    <binding name="BasicHttpBindingTarget" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Ntlm"/>
      </security>
    </binding>
    <binding name="BasicHttpBindingTargetSSL" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
      <security mode="Transport">
        <transport clientCredentialType="Ntlm"/>
      </security>
    </binding>
  </basicHttpBinding>
basicHttpBinding

Continue reading “Enabling Secure Connection for Web Services: Update Bindings”

Enabling Secure Connection for Web Services: Update Certificate Binding

Microsoft Dynamics GPThis post is part of the Enabling Secure Connection for Web Services series.

The first step in enabling a secure connection for web services, is to bind the certificate to the port which will be used for secure access. As mentioned in the last post, I am using port 48666.

There are two commands which need to be run to bind the certificate; these need to be run via an elevated command prompt.

The first command registers the certificate for the new port; there are three parameters (highlighted) which need to be changed in the command:

  1. Port
  2. certhas which is the certificate thumbnail
  3. appid which is an arbitrary GUID; I generated a GUID using the SQL Server NEWID() command

Continue reading “Enabling Secure Connection for Web Services: Update Certificate Binding”

Enabling Secure Connection for Web Services: Before You Begin

Microsoft Dynamics GPThis post is part of the Enabling Secure Connection for Web Services series.

Before we start making any configuration changes to the Web Services for Microsoft Dynamics GP, there is a couple of decisions to me made:

  1. Decide which port is to be used. Web Services by default installs on port 48620; to enable a secure connection a different port must be used. You can use any available port; to keep clear of any other ports being used, the port I am using for this series is 48666.
  2. Create an externally accessible hostname with associated certificate; I am not covering this area in this series, but Microsoft’s Dan Peltier did a recent post titled “DNS Overview for External Workflow 2.0 Email Notification Approval”.

Finally, make sure to backup all configuration files before any changes are made to allow for a rollback if necessary.

Enabling Secure Connection for Web Services: Series Index

Microsoft Dynamics GPMicrosoft Dynamics GP 2013 R2 saw the introduction of a new Workflow module which allows the approval of transactions and changes to master records. Each version of Dynamics GP since then has seen additional new functionality introduced.

I have done a fair bit of writing about Workflow since it’s introduction, both in the form of blog posts and also books, but I recently realised that one element I hadn’t written about was the enabling of a secure connection for Web Services.

Web Services for Microsoft Dynamics GP is used by Workflow for Email Notifications and Actions. The default installation of Web Services is suitable for approvals which take place within the Domain, but not for outside. This is because the default installation does not secure the connection to Web Services.

In this series, I am going to cover each of the steps required to change Web Services over to using a secure connection.

Enabling Secure Connection for Web Services
Before You Begin
Update Certificate Binding
Update Bindings
Update Legacy Endpoint
Update Native Endpoint
Update GP Workflow Service
Final Service Configuration
Configure Workflow Setup